A new blog post by Proton VPN has done a great job of highlighting the risks associated with connecting to VPN servers in high-risk countries.
The advice it offers is worth sharing as it applies to users of all VPNs, not just those who have opted for Proton VPN.
What Proton VPN offers
Proton VPN currently offers a server network of 372 servers in 31 different countries around the world. This is a reasonable-sized network for what is a relatively young VPN provider, but a glance down the list shows that most of these servers are in stable, western democracies.
Their latest blog post explains why they haven’t yet expanded this network further, despite claiming to have users in more than 180 different countries already.
They explain that every country has different privacy laws and some are much better than others. By establishing a server in a country, Proton VPN is not endorsing that country’s domestic laws, but they are making part of their network subject to those laws.
This is necessary, however, as it is often the countries with questionable privacy laws that enforce the most draconian censorship programmes, and these are the countries that users want to be able to access. This is one of the reasons why we usually count a large server network as an advantage in a VPN review.
But Proton VPN has been brutally honest in their blog post, admitting that they “cannot guarantee the absolute security of our servers in high-risk countries” such as China. This is a statement that is true for all VPNs, although not all of them are as open about that fact with their users.
So, what should users do?
How to mitigate the risks
Proton VPN has some very sage advice for users who need to connect to servers in these high-risk countries. They firstly suggest that users assume that servers in these countries have been compromised, and therefore avoid using such servers for any sensitive online activity that could have consequences.
In other words, it is okay to stream online TV or browse the web, but if you are a Chinese dissident handling sensitive communications, you would do best to avoid them.
Proton VPN also offers a feature known as Secure Core (other VPNs like NordVPN offer a similar feature). Secure Core essentially reroutes VPN traffic through servers in countries with strong privacy laws first.
This means that if a server in a high-risk country were compromised, authorities in that country would not be able to trace activity directly back to your IP address.
Proton VPN has pledged not to add servers in high-risk countries without making Secure Core available with them. That way, they believe they are doing everything they can to protect their users’ privacy.
Privacy protecting policies
The blog post also highlights a number of other company policies that ProtonMail have in place to help minimise the risk of using these servers. Again, we have seen these policies in place with some (but not all) other VPNs too.
Proton VPN has a policy of not owning infrastructure in high-risk countries. This ensures their VPN is never directly under the jurisdiction of these countries and guarantees their status as a Swiss-based company.
These third-party partners will be carefully vetted and Proton VPN makes it clear that if they can’t find the right partner, they won’t set up a server. This is one of the main reasons why their server network does not include more high-risk locations at present.
They also have a policy of only having physical servers rather than virtual ones. Virtual servers elicit mixed views from people. Some VPNs like ExpressVPN deploy them without a problem and it helps them to offer a wider server network. But other providers prefer to avoid them.
Lastly, Proton VPN pledge to be transparent about their network and what users need to do to be safe when connected to their service.
Sound advice for all VPN users
The advice contained within this blog post is extremely sound and we are happy to echo all the main points Proton VPN have made.
While the post is targeted at their users, its messages are worth heeding for all VPN users. All VPNs push their security credentials hard and it is sometimes easy to get swept up in this and lose sight of the fact that some servers in some countries could be more vulnerable than others.
It is refreshing to see Proton VPN being so open and honest about this fact. It is something a few other VPNs could learn from.